mirrors/django
mirrors/django
0
0
Fork 0
mirror of https://github.com/django/django.git synced 2024-11-24 02:47:35 +01:00
Code Issues Releases Wiki Activity
c56e1273a9
django/docs/releases/4.1.7.txt
Markus Holtermann 85ac33591c Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. 
Thanks to Jakob Ackermann for the report.
2023-02-14 08:18:40 +01:00

25 lines
757 B
Plaintext
Raw Blame History

==========================
Django 4.1.7 release notes
==========================
*February 14, 2023*
Django 4.1.7 fixes a security issue with severity "moderate" and a bug in
4.1.6.
CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
=========================================================================
Passing certain inputs to multipart forms could result in too many open files
or memory exhaustion, and provided a potential vector for a denial-of-service
attack.
The number of files parts parsed is now limited via the new
:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting.
Bugfixes
========
* Fixed a bug in Django 4.1 that caused a crash of model validation on
``ValidationError`` with no ``code`` (:ticket:`34319`).
View Git Blame Copy Permalink